Create New Item
Item Type
File
Folder
Item Name
Search file in folder and subfolders...
Are you sure want to rename?
forbidals
/
wp-content
/
plugins
/
formidable
/
classes
/
models
/
fields
:
FrmFieldCaptcha.php
Advanced Search
Upload
New Item
Settings
Back
Back Up
Advanced Editor
Save
<?php if ( ! defined( 'ABSPATH' ) ) { die( 'You are not allowed to call this page directly.' ); } /** * @since 3.0 */ class FrmFieldCaptcha extends FrmFieldType { /** * @var string * * @since 3.0 */ protected $type = 'captcha'; /** * @return string */ protected function include_form_builder_file() { return FrmAppHelper::plugin_path() . '/classes/views/frm-fields/back-end/field-captcha.php'; } /** * Returns the image name for a captcha. * * @return string */ public static function get_captcha_image_name() { $frm_settings = FrmAppHelper::get_settings(); $active_captcha = $frm_settings->active_captcha; return $active_captcha === 'recaptcha' && $frm_settings->re_type === 'v3' ? 'recaptcha_v3' : $active_captcha; } /** * @return array */ protected function field_settings_for_type() { $settings = FrmCaptchaFactory::get_settings_object(); return array( 'required' => false, 'invalid' => true, 'captcha_size' => $settings->should_show_captcha_size(), 'captcha_theme' => $settings->should_show_captcha_theme(), 'captcha_theme_auto_option' => $settings->should_show_captcha_theme_auto_option(), 'default' => false, ); } /** * @return array */ protected function new_field_settings() { $frm_settings = FrmAppHelper::get_settings(); return array( 'invalid' => $frm_settings->re_msg, ); } /** * @return array */ protected function extra_field_opts() { return array( 'label' => 'none', 'captcha_size' => 'normal', 'captcha_theme' => 'light', ); } /** * Replace the "for" attribute for captcha field so it matches the response ID. * * @param array $args * @param string $html * * @return string */ protected function before_replace_html_shortcodes( $args, $html ) { $settings = FrmCaptchaFactory::get_settings_object(); return str_replace( ' for="field_[key]"', ' for="' . esc_attr( $settings->token_field ) . '"', $html ); } /** * @param array $args * @param array $shortcode_atts * * @return string */ public function front_field_input( $args, $shortcode_atts ) { if ( ! self::should_show_captcha() ) { return ''; } $frm_settings = FrmAppHelper::get_settings(); $settings = FrmCaptchaFactory::get_settings_object(); $div_attributes = array( 'id' => $args['html_id'], 'class' => $this->class_prefix( $frm_settings ) . $this->captcha_class( $frm_settings ), 'data-sitekey' => $settings->get_pubkey(), ); if ( 'turnstile' === $frm_settings->active_captcha ) { $captcha_language = $this->get_captcha_language(); if ( $captcha_language ) { $div_attributes['data-language'] = $captcha_language; } } $div_attributes = $settings->add_front_end_element_attributes( $div_attributes, $this->field ); return '<div ' . FrmAppHelper::array_to_html_params( $div_attributes ) . '></div>'; } /** * @since 6.25 * * @return string */ private function get_captcha_language() { /** * Allows updating the captcha language. * * @since 6.25 * * @param string $lang * @param array $field */ return apply_filters( 'frm_captcha_lang', get_bloginfo( 'language' ), $this->field ); } /** * Load the captcha script. * * @param array $args * * @return void */ protected function load_field_scripts( $args ) { $api_js_url = $this->api_url(); wp_register_script( 'captcha-api', $api_js_url, array( 'formidable' ), '3', true ); wp_enqueue_script( 'captcha-api' ); } /** * Get the URL for the script JS that is loaded on the front end. * * @return string */ protected function api_url() { $frm_settings = FrmAppHelper::get_settings(); $active_mode = $frm_settings->active_captcha; if ( 'recaptcha' === $active_mode ) { return $this->recaptcha_api_url( $frm_settings ); } if ( 'hcaptcha' === $active_mode ) { return $this->hcaptcha_api_url(); } return $this->turnstile_api_url(); } /** * @param FrmSettings $frm_settings * * @return string */ protected function recaptcha_api_url( $frm_settings ) { $api_js_url = 'https://www.google.com/recaptcha/api.js?'; if ( $this->allow_multiple( $frm_settings ) ) { $api_js_url .= '&onload=frmRecaptcha&render=explicit'; } $lang = apply_filters( 'frm_recaptcha_lang', $frm_settings->re_lang, $this->field ); if ( $lang ) { $api_js_url .= '&hl=' . $lang; } // Since this URL initially ends with ? and we never use add_query_arg, remove the extra // & that appears immediately after the ? $api_js_url = str_replace( '?&', '?', $api_js_url ); /** * @param string $api_js_url */ return apply_filters( 'frm_recaptcha_js_url', $api_js_url ); } /** * @since 6.0 * * @return string */ protected function hcaptcha_api_url() { $api_js_url = 'https://js.hcaptcha.com/1/api.js'; $lang = $this->get_captcha_language(); if ( $lang ) { // Language might be in the format of en-US, fr-FR, etc. In that case, we need to extract the first part to comply with the hcaptcha api request format. $lang_parts = explode( '-', $lang ); $api_js_url .= '?hl=' . $lang_parts[0]; } $api_js_url = add_query_arg( 'onload', 'frmHcaptcha', $api_js_url ); /** * Allows updating hcaptcha js api url. * * @since 6.0 * * @param string $api_js_url */ return apply_filters( 'frm_hcaptcha_js_url', $api_js_url ); } /** * @since 6.8.4 * * @return string */ protected function turnstile_api_url() { $api_js_url = 'https://challenges.cloudflare.com/turnstile/v0/api.js?onload=frmTurnstile&render=explicit'; /** * Allows updating hcaptcha js api url. * * @since 6.8.4 * * @param string $api_js_url */ $api_js_url = apply_filters( 'frm_turnstile_js_url', $api_js_url ); // Prevent render=explicit from happening twice in case someone patched // the double rendering issue using the frm_turnstile_js_url hook. return str_replace( '&render=explicit&render=explicit', '&render=explicit', $api_js_url ); } /** * @param FrmSettings $frm_settings * * @return string * * @psalm-return ''|'frm-' */ protected function class_prefix( $frm_settings ) { return FrmCaptchaFactory::get_settings_object()->get_class_prefix( $this->allow_multiple( $frm_settings ) ); } /** * @param FrmSettings $frm_settings This isn't used anymore. It's only there for backwards compatibility. * * @return string * * @psalm-return 'g-recaptcha'|'h-captcha' */ protected function captcha_class( $frm_settings ) { $settings = FrmCaptchaFactory::get_settings_object(); return $settings->get_element_class_name(); } /** * @param FrmSettings $frm_settings * * @return bool */ protected function allow_multiple( $frm_settings ) { return $frm_settings->re_multi; } /** * @since 4.07 * * @param array $args * * @return array */ protected function validate_against_api( $args ) { $errors = array(); $frm_settings = FrmAppHelper::get_settings(); $resp = $this->send_api_check(); $response = json_decode( wp_remote_retrieve_body( $resp ), true ); if ( is_wp_error( $resp ) ) { $error_string = $resp->get_error_message(); $errors[ 'field' . $args['id'] ] = __( 'There was a problem verifying your captcha', 'formidable' ); $errors[ 'field' . $args['id'] ] .= ' ' . $error_string; return $errors; } if ( ! is_array( $response ) ) { return $errors; } if ( $frm_settings->active_captcha === 'recaptcha' ) { if ( 'v3' === $frm_settings->re_type && array_key_exists( 'score', $response ) ) { $threshold = floatval( $frm_settings->re_threshold ); $score = floatval( $response['score'] ); $this->set_score( $score ); if ( $score < $threshold ) { $response['success'] = false; } } } if ( isset( $response['success'] ) && ! $response['success'] ) { // What happens when the CAPTCHA was entered incorrectly $invalid_message = FrmField::get_option( $this->field, 'invalid' ); if ( $invalid_message === __( 'The reCAPTCHA was not entered correctly', 'formidable' ) ) { $invalid_message = ''; } $errors[ 'field' . $args['id'] ] = $invalid_message === '' ? $frm_settings->re_msg : $invalid_message; } return $errors; } /** * @param float $score * * @return void */ private function set_score( $score ) { global $frm_vars; if ( ! isset( $frm_vars['captcha_scores'] ) ) { $frm_vars['captcha_scores'] = array(); } $form_id = is_object( $this->field ) ? $this->field->form_id : $this->field['form_id']; if ( ! isset( $frm_vars['captcha_scores'][ $form_id ] ) ) { $frm_vars['captcha_scores'][ $form_id ] = $score; } } /** * @param array $args * * @return array */ public function validate( $args ) { if ( ! $this->should_validate() ) { return array(); } $missing_token = ! self::post_data_includes_token(); if ( $missing_token ) { return array( 'field' . $args['id'] => __( 'The captcha is missing from this form', 'formidable' ) ); } return $this->validate_against_api( $args ); } /** * @since 6.8.4 * * @return bool */ protected static function post_data_includes_token() { $settings = FrmCaptchaFactory::get_settings_object(); // phpcs:ignore WordPress.Security.NonceVerification.Missing return ! empty( $_POST[ $settings->token_field ] ); } /** * Check if the active captcha type's public key is set. * * @since 4.07 * * @return bool */ public static function should_show_captcha() { $settings = FrmCaptchaFactory::get_settings_object(); return $settings->has_pubkey(); } /** * @return bool */ protected function should_validate() { $is_hidden_field = apply_filters( 'frm_is_field_hidden', false, $this->field, wp_unslash( $_POST ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing if ( FrmAppHelper::is_admin() || $is_hidden_field ) { return false; } // don't require the captcha if it shouldn't be shown return self::should_show_captcha(); } /** * @return array|WP_Error */ protected function send_api_check() { $captcha_settings = FrmCaptchaFactory::get_settings_object(); $arg_array = array( 'body' => array( 'secret' => $captcha_settings->secret, 'response' => FrmAppHelper::get_param( $captcha_settings->token_field, '', 'post', 'sanitize_text_field' ), 'remoteip' => FrmAppHelper::get_ip_address(), ), ); return wp_remote_post( $captcha_settings->endpoint, $arg_array ); } /** * Updates field name in page builder to the currently activated captcha if it is set to the default. * * @since 6.0 * * @param array $values * * @return array $values */ public static function update_field_name( $values ) { if ( $values['type'] === 'captcha' ) { $name = $values['name']; if ( in_array( $name, array( __( 'reCAPTCHA', 'formidable' ), __( 'hCaptcha', 'formidable' ) ), true ) ) { $values['name'] = __( 'Captcha', 'formidable' ); } } return $values; } }